Good day, I'm checking testing against 2002 DSAs (for woody) with Joeh Hess. I'm not sure with DSA-187 [1] and DSA-188 [2] (sames security problems, one for apache and another one for apache-ssl) I know that CAN-2002-0839, CAN-2002-0840, CAN-2002-0843 are fixed in unstable since apache 1.3.27-0.1 I believe CAN-2001-0131 and CAN-2002-1233 are fixed with the following patches in apache debian packages : 901_security_htdigest_tempfiles 902_security_htpasswd_tempfiles Could you confirmme this? both DSA also mentionned buffer overflows in ApacheBench : | NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) | utility that could be exploited by a remote server returning very long | strings. Do you know if theses are fixed in testing package? Thanks for your help. [1] http://www.debian.org/security/2002/dsa-187 [2] http://www.debian.org/security/2002/dsa-188 -- Djoumé SALVETTI
Attachment:
pgpxX8twfRPKY.pgp
Description: PGP signature